-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TOCTTOU in usage of access()
#539
Comments
i'm aware about TOCTTOU and its implications, but i figure the chances of proxychains.conf disappearing between the check and the usage are too small to be relevant. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://en.wikipedia.org/wiki/Time-of-check_to_time-of-use
There's no guarantee that the information
access()
returns is valid after it returns.This function should be removed and its caller should be reworked to use
open()
:proxychains-ng/src/common.c
Lines 77 to 81 in d5cc80a
There's a 2nd usage of
access()
in the source code, but it's not a bug because there's no way to do what it does with file descriptors:proxychains-ng/src/main.c
Lines 122 to 129 in d5cc80a
The text was updated successfully, but these errors were encountered: